|
Post by richard on Jul 17, 2007 10:52:41 GMT
hey i dont know how s4ndmans done it but if players connect to his 64 player server (s4ndmod hosting ) their wolfmp. config get changed from /cl_allowdownload 0 to /cl_allowdownload 1 which is fine so they can download what ever map you want players to get or so on but when they try to connect to servers with sv_allowdownload 0 they are screwed if they have not the know how to turn off the auto download func. BUT a lot of players (esp new comers ) wont have a clue when they kicked from servers like , valks , serverluxx or any server running mod pak maps i kknow i can change the kick msg from " this server prevents auto downloading blah blah blah ) to turn off your download /cl_allowdownload 0 and or visit forum what can be done server side to turn players back to download off again ? ;D i know if they have the rtcw 1.1 they will require the our ver of 1.1 (in the downloads ) anyways interesting hows hes done it ? Rich
|
|
|
Post by towly on Jul 17, 2007 11:15:39 GMT
thanks richard was wondering why my cfg is changing my magic every now and then and it must be on other servers too , cuz i only go to the BEACH server sometimes or to the AoA deathmatch server so i think its on each of those servers atleast im not totally lost and know how to change it still it was weird thanks ur towl
|
|
|
Post by |'L0.| on Jul 17, 2007 13:06:15 GMT
it has to be probably on all servers that sandmod hosts cuz it's the same on Malice's server- he has server hosted on sandmod and it's set to 0 on server side as in his cfg but yet could dl the maps once i put 1.4 and custom maps on his server I notice at my self that cfg only changes for that time when i'm on wolf cuz soon as i restart wolf my autoexec boots up and there is disabled so it's automaticly set back to 0
|
|
|
Post by MrPingu on Jul 17, 2007 16:59:02 GMT
argh! servers should leave the cfg alone!
|
|
|
Post by Malice on Jul 17, 2007 19:16:52 GMT
well in the case of mine for instance..there is no way to avoid it...it may be all 2.2 idk...yes it is frustrating to have to change it back but as L0 says..simple exec your cfg again and all should be fine..
|
|
|
Post by richard on Jul 17, 2007 19:42:36 GMT
its not your fault Malice i just wondered how on earth he had done it ! ? but its not so bad if when a player restarts his/her game its back to normal etc but you know the problem if you try telling a player to type /c_allowdownload ,,,they end up thinking its somekind of /rambo thing and get scared off...ect also esp if this idiot named fokkewulf ( aka Kiko ) from AvA ? people will think its me !! as i have had a player ask me "did you kick me from AvA " etc i tell them i am not admin there nor do i even play on that servers
|
|
|
Post by |'L0.| on Jul 17, 2007 19:57:26 GMT
i bet he tryed to fake u but failed in english
|
|
|
Post by Malice on Jul 17, 2007 19:59:02 GMT
naw..i know its not my fault..but i like you would like it to be diabled in someway.
and ive seen that player..knew it wasnt you though
|
|
|
Post by MrPingu on Jul 19, 2007 7:50:58 GMT
How it can be done, and how it might be exploited: aluigi.altervista.org/adv/q3cfilevar-adv.txtcl_allowdownload should never be turned on! The bug in the engine is being used to overwrite cvars. It can be used to upload virus and Trojan horses. Why does the rtcw community allow S4ndman to exploit this bug? Reset the cvar at game startup by setting it in autoexec.cfg seta cl_allowDownload "0"
|
|
|
Post by Malice on Jul 20, 2007 17:43:07 GMT
hmmm it isnt a matter of "allowing" him to "exploit" this bug
allowdownload can be helpful
|
|
|
Post by |'L0.| on Jul 20, 2007 18:36:27 GMT
as i see it- it's not a problem not trusting sandman he'll put trojans or anything so from this view it's good he found a way to 'force' user to dl map as it can be usefull for regulars with no scripting skills to join servers with custom maps etc. But from other view it's a problem cuz this is basicly 'hacking' it's non allowed entrance to your cfg- i am one of many that have disabled download in autoexec just cuz it's a security risk- on 1.4 they uploaded trojans to ppl by this way on some servers (as i heart some time ago ), so it's technicly speaking the same as if some1 would hack u with brute force...altought it only changes the cfg and can't really modify system but it can be implanted file virus/trojan.... that can do this. So big issue is- how can u trust servers? What does prevent if etc. infamous TK's found out a way as sandman did and create fake server- etc. old in old colors ' AvP Obj' and force user to dl viruses that will crash your system or even worse, actualy burn hardware. That fact can totaly ruin servers as public can go on others as they wont trust servers anymore and most of all that can get some serius damage resolving in spending money for new hardware...that's the thing that worrys me
|
|
|
Post by MrPingu on Jul 21, 2007 15:14:18 GMT
hmmm it isnt a matter of "allowing" him to "exploit" this bug allowdownload can be helpful It isn't his call wether I should download from the servers or not. It is I who should be in charge of my own config. The fact that he is changing my cfg, with out my agreement, by hacking, is verry wrong. Lo, I agree with your consernment on many points. But not your fear of hardware. It is possible that virus can destroy hardware but it is no wery likely that anyone would want to do that. There is so many other things the attacker could do with your pc, that destroying it will almost never be their choice. There is also a great possibility of getting caught. So it's not many that will be stupid enough to attempt this...
|
|
|
Post by |'L0.| on Jul 21, 2007 17:51:26 GMT
well many old trojans and back doors had options 'flood hdd' that created bad sectors on hard drive, 'eat memory' that actualy burn your ram and so on,...being in net is always a risk to get smth but games are suppose to be fun and relativly save. I like the idea what sandman created but am afraid to what can happend if it get to wrong hands- we will cancel if server will start to dl but some wont cuz they don't know that.
|
|
|
Post by crywolf on Aug 1, 2007 21:35:58 GMT
This is very bad. No one, even S4ndman have the permission to write into peoples cfg. Even if you rightklick on your wolfconfig_mp, klick on attributes and activate writing proof, it changes your cfg. This bug in the wrong hands is damn dangereous.
|
|